Google Auth Client for Samsung Gear and Android

Purpose of New App

A new version of Google Auth Client (GAC) has been released and can be found in both the Samsung and Google app stores (e.g. see it at Play Store).

The major benefit is that it integrates the phone’s and the Gear’s 2FA apps in a single solution and allows transferring accounts between these two peers in either direction: from phone to Gear or vice versa. There is no need for Google’s stock app anymore, because the companion includes all GA functionality and adds features that the stock GA app is currently missing.

The companion can scan Google’s QR bar code, which carries the client/server shared secret used for generating one-time passwords (OTP).

In addition, the Android companion can also be used to back up and restore all 2FA accounts. Backups can be encrypted using password-based encryption (PBE), with an HMAC signature that is checked during the restore process to verify the integrity of the backup.

Plain backups are also supported, but not recommended, since they are stored in Android’s “Download” directory, which can be accessed by other applications that have been granted the “read storage” permission.

Downloads

The most universal way of installing the Gear GAC application is through Samsung’s Android Gear App: Gear App

If you are browsing apps from a Samsung Galaxy device, you can also try a direct link for GAC, but it doesn’t work in all browsers even on Galaxy devices:

Why Updating the Old App Is Not Possible

The old GAC app supports many legacy Gear devices such as Gear, Gear II, Gear Neo, and Gear S. Since all these devices are different, they require different binaries. The Samsung App Store doesn’t allow mixing companion and non-companion binary types in a single app’s distribution. That’s why a new app is needed to enable companion functionality. We will gladly merge these two versions as soon as Samsung changes its policies (the best scenario) or when we decide to stop supporting legacy devices.

Below is the error message caused by an attempt to add a companion-based binary to the old non-companion style app.

Adding New Account from Android

To add a new account from the phone, you’ll need to select the “Connect to Phone” menu on the Gear first:

Pic 1. Menu Page on Gear

If the device is already paired with and connected to the phone through Bluetooth, an icon on the top will turn green and you’ll see the following message:

Pic 2. Gear Connected to Phone

At this point a GAC Scanner page should pop up on the phone automatically. Point the camera at the QR bar code. When the QR bar code is recognized, the blue border will blink and a masked version of the scanned code will show up in an edit box located just above the camera window.

Pic 3. QR Scanner Page

Press the “Send to Gear” button and the scanned account will be sent to your Gear device. You can save the account on the phone by pressing the “Save” button, which will bring you to the “Accounts” page. Alternatively, you can get there by pressing the account button in the GAC Scanner’s toolbar (to the left of the exit button).

Pic 4. Accounts Page

On the “Accounts” page you can see a list of OTP tokens for all your accounts, and you can use the buttons on the bottom to perform the following actions (left to right):

Send selected accounts to Gear

Save all accounts to a backup file

Delete selected accounts from your phone

Restore all accounts from a backup

Add more accounts by either scanning QR bar code or by typing a shared secret manually

Tap a list item if you want to zoom in on the token for a single account. The token will be refreshed properly in the zoomed view as well. When the color of the border turns red, a new token will be generated automatically.

Pic 5. Zoomed Token

You can scroll accounts on this page using left and right arrow buttons on the bottom.

Changing Account’s Order

By default the accounts are stored in alphabetical order, but it’s possible to change the order by long-pressing an account name and dragging it to the new place.

Backing up and Restoring Accounts on Phone

The account restore page can be reached by tapping the restore button (second from the right) on the Accounts page.

Pic 6. Restore and Backup

By default, the restore logic will use an encrypted backup, and a password will be required to decrypt the accounts and to verify the signature created by the backup. You can use a plain unencrypted backup by checking the “Don’t use encryption” switch, but that option is strongly discouraged. If you want the app to remember the password, use the “Remember password” switch.
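A sketch of the password-protected backup mentioned in the overview and of the restore check described above, as an added example that is not GAC's code: the page does not document the app's file format, so the layout (salt, nonce, ciphertext, HMAC tag), the PBKDF2 iteration count and all names are assumptions. AES is not in the Python standard library, so an HMAC-SHA256 counter-mode keystream stands in for the cipher.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor
# Constructed sample account list (secret is the RFC 6238 test value).
SAMPLE_ACCOUNTS = [{"label": "Example:alice@example.com",
                    "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}]


def _keys(password, salt):
    """Derive separate encryption and MAC keys from the backup password."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _keystream_xor(key, nonce, data):
    """Stand-in cipher: HMAC-SHA256 in counter mode (a real app would use AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def backup(accounts, password):
    """Return salt || nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _keystream_xor(enc_key, nonce, json.dumps(accounts).encode())
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def restore(blob, password):
    """Verify the HMAC tag first; decrypt only if the backup is intact."""
    if len(blob) < 64:
        raise ValueError("backup truncated")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("wrong password or modified backup")
    return json.loads(_keystream_xor(enc_key, nonce, ciphertext))
```

Because the tag covers the salt, nonce and ciphertext, a wrong password and a modified file fail the same check before any decrypted data is parsed.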

The button located in the right part of the “Accts on Gear” box can be used to restore the phone’s accounts directly from a Gear device.

Backups that are no longer needed can be deleted by selecting them in the backup list and pressing the “trash” button on the bottom.

Saving accounts to a backup file is similar and has two options as well: encrypted and unencrypted backups.

Google Drive can be used to back up and restore accounts as well. Use the Google Drive button with a question mark to check what backups are available.

Messages Seen on Gear

When accounts are successfully received by the Gear, you’ll see the following screen:

Pic 7. Accounts Received from Phone

When messages are sent by the Gear to the phone, you’ll see the confirmation screen:

Pic 8. Accounts Sent to Phone

If the Gear is disconnected from its peer, the green icon will turn red.

Pic 9. No Connection Page

The Token/OTP page has not changed and can be reached by tapping an account name on the menu screen.